Police allege 'evil twin' in-flight Wi-Fi used to steal info
www.theregister.comFasten your seat belts, secure your tray table, and try not to give away your passwords
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.47K Posts
- 58.8K Comments
- Modlog
This sounds like it could be a combination FCC and FAA felony.
Oops, nope, I was thinking of the wrong country.
Doesn’t this seem like an inefficient way to go about? Locked in a flying tin can with the same ~100 people for a few hours. I would think a public library or busy transit station would net way more info, with the added advantage of not being locked in if someone starts getting suspicious.
If you are trying to steel credentials from people with power and money passengers in first class are a good target.
Where else are you going to find a cluster of people like that that are using the wifi and are going to be there for hours. It’s about as optimal as I can think of.
Even better if you are targeting a spefic company. Just pick flights out of the headquarters for that company.
If you want to attack say Microsoft pick a flight from Seattle to DC. Pretty good odds of a Microsoft high up being on the flight and wanting to use the wifi for work.
What do you do when you’re locked in a flying tin can and bored out of your mind?
Some of us just fire up Kali and play
The article said the man had done similar with airport wifi and a place of prior employment. But the airplane one is an odd choice
I feel like with the advent of nearly ubiquitous unlimited mobile data plans (in some parts of the world) a lot less people use public WiFi. However on a plane you have little choice, so it makes sense.
Who hides in a Pineapple from the FCC?
EDIT:
This is the best summary I could come up with:
Australia’s Federal Police (AFP) has charged a man with running a fake Wi-Fi networks on at least one commercial flight and using it to harvest fliers’ credentials for email and social media services.
The man was investigated after an airline “reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight.”
The AFP subsequently arrested a man who was found with “a portable wireless access device, a laptop and a mobile phone” in his hand luggage.
It’s alleged the accused’s collection of kit was used to create Wi-Fi hotspots with SSIDs confusingly similar to those airlines operate for in-flight access to the internet or streamed entertainment.
Airport Wi-Fi was also targeted, and the AFP also found evidence of similar activities “at locations linked to the man’s previous employment.”
AFP Western Command Cybercrime detective inspector Andrea Coleman pointed out that free Wi-Fi services should not require logging in through an email or social media account.
The original article contains 364 words, the summary contains 158 words. Saved 57%. I’m a bot and I’m open source!
They arrested him? What was the crime?? People connected to his network. Its not like he hacked their network.
Cybercrime is illegal just like stealing or committing fraud
Cybercrime is usually defined as unauthorized system access.
How is running a free WiFi AP a crime?
Because you are stealing peoples data and credentials.
So the airline is also comitting a crime?
They aren’t stealing login data to my knowledge
emphasis added by me From the article:
The man was investigated after an airline “reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight.”
It’s alleged the accused’s collection of kit was used to create Wi-Fi hotspots with SSIDs confusingly similar to those airlines operate for in-flight access to the internet or streamed entertainment. Airport Wi-Fi was also targeted, and the AFP also found evidence of similar activities “at locations linked to the man’s previous employment.”
Wherever the accused’s rig ran, when users logged in to the network, they were asked to provide credentials. The AFP alleges that details such as email addresses and passwords were saved to the suspect’s devices.
The charges laid against the man concern unauthorized access to devices and dishonest dealings. None of the charges laid suggest the accused used the data he allegedly accessed.
However three charges of “possession or control of data with the intent to commit a serious offence” suggest the alleged perp was alive to the possibilities of using the data for nefarious purposes.
You can tell because it has a goatee.